It’s been a few weeks since I flew back from San Francisco, but I’m still processing the sheer scale of Microsoft Ignite. With over 20,000 attendees packing the Moscone Center and another 200,000 watching online, the message from the keynotes was clear: the agentic era is officially here, and Microsoft is betting everything on it.
But away from the main stage, the hallway chatter told a more nuanced story. In nearly every conversation I had, the excitement about agents was tempered by a real anxiety about data security, the risk of stale data, oversharing, and the inevitability of agent sprawl. That’s why Microsoft’s announcement of Agent 365 landed with such weight.
Framed as a centralized control plane for AI agents – and aligned with a broader vision of managing agents the way we manage people, through identity, policy, and accountability – it felt like the answer many teams have been waiting for: a way to pull governance out of the shadows and into the center of the agent conversation.
After getting hands-on with Agent 365, though, it became clear that while the vision is strong, the execution is still very early. Early enough that leaders should approach it with curiosity – but also with clear expectations about what’s here today versus what’s still taking shape.
UI Déjà Vu: Familiar Foundations, Familiar Constraints
When you log into a control plane that promises to govern the future of agentic AI, you expect a purpose-built environment designed for the complexity of AI orchestration. Instead, the interface is reminiscent of the Teams Admin Center's app management functionality — echoing the early days of Copilot Studio, when Power Virtual Agents were largely reused under a new name.
This isn’t just a cosmetic observation; it raises important questions about how agents are currently being framed in this first iteration. By tethering Agent 365 to the Teams administration framework, agents appear to be framed through a familiar chat-centric administration model, even as enterprise use cases increasingly push agents beyond conversational boundaries and into autonomous business processes. They experiment, evolve, access data, trigger workflows, and – if left unchecked – trigger new risks.
A true AI governance console needs to account for that lifecycle, from early experimentation through production, deployment, and eventually retirement.
The Visibility Gap: You Can't Manage What You Can't See
Effective governance starts with a complete inventory, but Agent 365 is currently operating with a significant blind spot. In its current preview, Agent 365 surfaces published Copilot Studio agents first, while in-progress builds remain visible in the Power Platform admin center. For organizations seeking a true single-pane experience, this creates a visibility gap, particularly during early experimentation, when data sources and logic are still being defined.
In practice, this means published agents appear in Agent 365, while in-progress builds surface in the Power Platform admin center. In my tenant, Agent 365 shows two published Copilot Studio agents, while the Power Platform admin center lists 47 agents in various stages of development, 25 of which I own.
Why does this matter? True governance requires proactive visibility, not just a reactive catalog of finished products. By the time an agent appears in Agent 365, it is already live and potentially accessible to other users. As admins, we need a control plane that detects agents as soon as they are instantiated, allowing us to inspect the data sources and logic before they become operational risks. Without this, we are essentially waiting for a security incident to occur before we even know a risky agent exists.
Governance without Identity is Just a Directory
The visibility challenge extends into analytics. Even for the agents that do appear in Agent 365, the preview telemetry is coarse-grained and still maturing. A robust governance tool should answer two fundamental questions: Who built this? And who is using it?
Based on my digging into the tool, Agent 365’s analytics dashboard shows aggregate numbers as opposed to user-level identities. You can see that an agent was accessed, but you cannot easily see which specific users are interacting with it or who the original creator was.
This leaves admins managing a "black box." We are being asked to govern agents without knowing their lifecycle stage, their creator, or their specific audience. In an era where we are constantly worried about oversharing and stale data, this lack of granularity is dangerous. Governance without clear identity context limits how confidently administrators can assess risk. Until agents are explicitly connected to creators, owners, and audiences, Agent 365 functions more like a directory than a true agent management layer.
The "Swivel-Chair" Reality of Governance Today
Agent 365 positions itself as a centralized control plane, but the moment you need to enforce actual policies, the tool pushes you to other Microsoft tools. Key governance controls, such as conditional access policies, auditing, and data risk assessments, are not native to the Agent 365 interface; they are located within Microsoft Entra ID, Microsoft Purview, and SharePoint Advanced Management UIs.
This forces admins into a "swivel-chair" workflow: identifying an issue in one tab, then navigating a scavenger hunt through Entra’s complex menus in another tab to fix it. For organizations already stretched thin, this fragmentation adds operational friction at exactly the moment governance needs to become simpler, not more complex.
The disconnect becomes even more glaring when you consider non-Microsoft agents. While Agent 365 gestures toward ecosystem-wide governance, there is currently no auto-discovery for third-party agents running in your environment. Registration is manual: relying on admins or developers to self-report what they’ve built. At scale, that model doesn’t hold. Governance can’t rely on manual registration.
The Open Question No One Can Ignore: Cost
Perhaps the most consequential gap in the Agent 365 preview isn't technical — it's financial. At the announcement, licensing details were not disclosed. While that’s not unusual for preview offerings, it does introduce uncertainty for organizations evaluating whether Agent 365 should become a foundational part of their governance strategy.
For enterprise buyers, this makes controlled pilots especially important. As governance capabilities mature, leaders will need clarity on how Agent 365 licensing aligns with existing Microsoft security and compliance investments.
Until pricing and packaging are clarified, organizations should focus on validating outcomes rather than committing to architecture. Pilot Agent 365 to understand what visibility and control it provides today, identify gaps that require supplemental tooling, and ensure that governance costs scale predictably alongside agent adoption — not ahead of it.
What Agent 365 Really Signals
What the preview of Agent 365 reveals is that governance has finally moved to the center of the agent conversation. Microsoft is acknowledging that agent discovery, oversight, and lifecycle management can’t be an afterthought as organizations scale AI. That shift matters. At the same time, the preview also shows how early the industry still is in defining what agent governance truly requires.
For now, Agent 365 is best viewed as a directional signal rather than a finished control plane. It highlights the right problems – visibility, control, scale – but doesn't yet deliver the depth enterprises will need as agents move from novelty to necessity. The vision is compelling; the execution is still taking shape.
My recommendation? Proceed deliberately. Use Agent 365 as one lens into your agent ecosystem, while validating coverage, telemetry, and enforcement across your broader governance stack. The organizations that succeed in the agentic era won’t rely on a single console — they'll build confidence through layered visibility and controls that evolve as agents do.
